Cookies and similar technologies

Last updated 25 June 2026 · Version 1.0.0

Draft for review. This is a strong pre-launch draft and must be reviewed by a qualified solicitor before it is relied upon for paying customers. It is published for transparency, not as final legal advice. Items marked [PLACEHOLDER] are still to be completed.

This policy explains how Luceria uses cookies and similar technologies — small files and data stores that sit in your browser or on your device — and how you can control them. It sits alongside our [Privacy Policy](/privacy), which explains everything else we do with your personal data.

We have written this in plain English because many of the people who use Luceria are 16-to-18-year-old school-leavers as well as university students and recent graduates. If anything here is unclear, please contact us using the details at the end.

The short version:

  • We use only a small set of cookies and device-local storage, and we try to keep it minimal.
  • The things that are strictly necessary to log you in and keep the service working are always on — without them, sign-in and security would break.
  • Everything that is not strictly necessary (for example, our privacy-conscious analytics) is OFF by default. Nothing non-essential runs until you choose to allow it.
  • We do not use advertising cookies, cross-site trackers, tracking pixels, device fingerprinting, or tag managers. We do not sell your data or use it to target ads.
  • You can change your choices at any time, and rejecting non-essential technologies is exactly as easy as accepting them.

> This is a strong pre-launch draft. It will be reviewed by a qualified solicitor before launch. It is provided for transparency and does not yet constitute final legal advice or a final binding statement.

[PLACEHOLDER — Sully to complete: confirm the registered legal entity name behind "Luceria", company number (Companies House), and registered office — these belong in the controller/contact section and should match the Privacy Policy.]

What cookies and similar technologies are

A cookie is a small text file that a website asks your browser to store. When you come back, your browser sends the cookie back, so the site can recognise your session — for example, to keep you logged in.

Cookies are not the only way a website can store or read information on your device. "Similar technologies" is an umbrella term for things that do a comparable job, including:

  • Local storage and session storage — small key/value stores built into your browser. Local storage stays on your device until it is cleared; session storage is wiped when you close the tab. These never leave your device unless code deliberately sends them somewhere.
  • Tracking pixels (web beacons) — tiny invisible images used to detect that a page or email was opened.
  • Scripts, tags and SDKs — pieces of code that run in your browser or app and can set storage or send signals.
  • Tag managers — tools that load lots of other tags from one place.
  • Device fingerprinting — building a hidden "fingerprint" from your device's characteristics (fonts, screen size, hardware) to recognise you without a cookie.
  • Link decoration — adding tracking identifiers onto the end of links so you can be followed between sites.

UK law treats all of these the same way: under the Privacy and Electronic Communications Regulations (PECR) and the UK GDPR, anything that is not strictly necessary to provide the service you asked for needs your consent before it runs.

Importantly, most of the technologies in that list are things Luceria does NOT use. We say exactly which we do use — and which we deliberately avoid — below. We only ever list something as "in use" if it is genuinely present in the product.

The categories we use

We group what we use into three categories. Only the first is on by default.

1. Strictly necessary (always on). These are essential to deliver the service you have asked for — signing you in, keeping your session secure, and protecting our free public tools from abuse. You cannot turn these off through a consent banner, because the service would not work without them. They do not require consent under PECR, but we still tell you about them here so you know what they do. They are not used for analytics, advertising or tracking you across other websites.

2. Functional / device-local (your settings, kept on your device). These remember your preferences and your in-progress work — your theme, whether the sidebar is open, your dashboard layout, and drafts you are part-way through (for example a CV draft or a chat you have not sent). On Luceria these are almost entirely browser local/session storage, which means they stay on your device and are not transmitted to us as tracking data. They make the product usable and keep you from losing your work. Clearing them resets those preferences and can discard unsaved drafts.

3. Analytics (OFF by default — only with your consent). We use one privacy-conscious analytics tool to understand, at an aggregate level, which features are used and where things break — so we can improve the product. This is non-essential, so it is switched off until you allow it. It does not capture your CV text, names, emails, free text or job descriptions (more detail in the table and the "What we do NOT use" section).

Non-essential technologies are OFF by default. Nothing in category 3 runs until you give consent, and you can withdraw that consent at any time.

The actual cookies and storage we use

The table below lists what Luceria actually sets, based on a review of our code. "First-party" means set by Luceria; "third-party" means set by a service provider that powers part of the product.

| Name / family | Purpose | Category | Duration | First / third-party |
| --- | --- | --- | --- | --- |
| `sb-*` (Supabase auth/session, e.g. `sb-<project>-auth-token`) | Keeps you securely signed in; stores your authenticated session and access/refresh tokens so you don't have to log in on every page. Without it, login does not work. | Strictly necessary | Session / token-lifetime cookies, refreshed while you stay signed in; cleared on logout. [PLACEHOLDER — Sully to complete: confirm exact Supabase cookie max-age/expiry currently configured.] | First-party (set by our app; Supabase is our auth/database processor) |
| `luc_prc` | Rate-limit quota for the public scam/risk checker — lets anyone use the free tool a fair number of times while protecting it from abuse, without requiring an account. | Strictly necessary | ~30 days | First-party |
| Tester cookies: `luc_tester_mode`, `luceria-tester-token`, `tester-session` | Internal testing / pre-launch access control — used by the team to gate or label test sessions. Not used for analytics, advertising or tracking. | Strictly necessary (internal/operational) | [PLACEHOLDER — Sully to complete: confirm tester-cookie durations and whether any persist for general public users or only for internal testers.] | First-party |
| `luceria:*` localStorage keys (representative keys: `luceria:theme`, `luceria:sidebar` (sidebar open/collapsed state), `luceria:dashboard-mode`, `luceria:chat-history` / chat drafts, `luceria:cv-studio` drafts, `luceria:form-drafts`) — 18+ keys in total | Remember your preferences and your in-progress work so the product behaves the way you left it and you don't lose unsaved drafts. Stored on your device only — not transmitted to us as tracking data. | Functional / device-local | Persist on your device until you clear them (or clear browser storage). | First-party, device-local |
| `luceria:*` sessionStorage (e.g. a pending workflow-chat prompt) | Temporarily holds something you're part-way through (such as a prompt being handed between screens) so it isn't lost mid-flow. | Functional / device-local | Cleared when you close the tab. | First-party, device-local |
| Vercel Analytics | Privacy-conscious, aggregate product analytics — an allowlist of non-PII events only (e.g. "feature X used"). It is designed not to collect your CV text, names, emails, free text or job descriptions, and not to set advertising or cross-site tracking cookies. Helps us see what's used and what's broken. | Analytics (non-essential — OFF until you consent) | [PLACEHOLDER — Sully to complete: confirm whether the deployed Vercel Analytics mode is fully cookieless or sets any first-party identifier, and its duration.] | Third-party (Vercel, our EU host/analytics provider) |
| Stripe.js + Stripe-set cookies | Loaded only on checkout/payment pages to take payment securely and help Stripe prevent payment fraud. Controlled by Stripe; we never receive or store your full card number. | Strictly necessary on checkout pages (fraud-prevention) — [PLACEHOLDER — Sully to complete: confirm with counsel whether any Stripe cookie should be treated as consent-requiring rather than strictly necessary, and reflect in the banner.] | Set by Stripe per their cookie policy. [PLACEHOLDER — Sully to complete: link Stripe's cookie/privacy notice.] | Third-party (Stripe), checkout pages only |

Note on the `luceria:*` device-local keys: there are 18+ such keys, and the names above are representative examples rather than an exhaustive list. They are functional and stay on your device. We may add or rename keys as features evolve; the categories and behaviour described here continue to apply.

[PLACEHOLDER — Sully to complete: before launch, confirm this inventory is still complete and accurate against the live build (cookie names, durations, and whether Vercel Analytics is enabled in cookieless mode).]

What we do NOT use

To be completely clear, Luceria does not use any of the following:

  • Google Analytics — not used.
  • Advertising or marketing cookies — none. We do not run ads, and we do not use cookies to build advertising profiles or to target ads at you. This matters especially because some of our users are under-18 minors, and we do not profile or target marketing at minors.
  • Cross-site trackers — none. We do not track you across other websites or apps.
  • Device fingerprinting — not used.
  • Tracking pixels / web beacons — not used (including in our email; today our only emails are account verification and welcome messages via Resend, and marketing email is not active).
  • Link decoration — not used.
  • Tag managers (e.g. Google Tag Manager) — not used.

PostHog: PostHog is not currently active. It exists only as an unused configuration placeholder in our code and does not run, set cookies, or collect any data. If we activate PostHog (EU) in future, we will update this policy first, keep it OFF by default as a non-essential analytics tool, and ask for your consent before it runs.

We will not silently add advertising or cross-site tracking technologies. If our use of cookies materially changes, we will update this policy and, where the law requires it, ask for your consent again.

Consent banner — non-essential OFF by default. When non-essential technologies are in use, you will see a consent banner. By design:

  • Non-essential technologies are switched OFF by default. Nothing in the analytics category runs until you actively choose to allow it. There are no pre-ticked boxes.
  • Rejecting is exactly as easy as accepting. The banner offers clear, equally-prominent choices to accept or reject — with a "Reject" (or "Reject all" / "Only necessary") option that takes the same number of clicks and is just as visible as "Accept". We do not use dark patterns, nag screens, or designs that make rejecting harder.
  • Granular choice. Where more than one non-essential category exists, you can accept or reject them individually rather than all-or-nothing.

Changing your mind at any time. You can change your choices whenever you like. [PLACEHOLDER — Sully to complete: confirm the exact in-product location/label of the "Cookie preferences" control (e.g. a footer link or a settings page) so we can name it here.] Withdrawing consent is as easy as giving it, and it takes effect from that point onward.

Where your preference is stored. Your cookie/consent preference is remembered so we don't keep asking. [PLACEHOLDER — Sully to complete: confirm where the banner preference is stored — e.g. a first-party luceria:* localStorage key and/or a first-party consent cookie — and its duration, so we can state it precisely here.] For signed-in users, we also keep a consent record in your account showing the versions of our Terms, Privacy, Cookie and Acceptable-Use policies you accepted, the time, and basic context (this is described in our Privacy Policy).

Controlling cookies through your browser. You can also control or delete cookies and clear local/session storage directly in your browser settings. Most browsers let you block or delete cookies and storage, and offer a "clear browsing data" option. Helpful guides:

  • Chrome, Firefox, Safari, Edge and most browsers have a "Privacy" or "Cookies and site data" settings section — search your browser's help for "clear cookies and site data".

Bear in mind:

  • Clearing or blocking storage will reset your preferences and may discard unsaved drafts held in luceria:* device-local storage.
  • Strictly-necessary cookies cannot be switched off through our banner. If you block the sb-* Supabase cookies in your browser, you will not be able to log in or stay signed in, and signed-in features will not work. Blocking luc_prc may stop the public scam checker from working correctly.

"Do Not Track" / Global Privacy Control. [PLACEHOLDER — Sully to complete: confirm whether the app honours browser Do-Not-Track / Global Privacy Control signals, and state the position here.]

Younger users (16-18)

Luceria's minimum age is 16, and our audience deliberately includes 16-to-18-year-old school-leavers, so some of our users are minors under 18.

Because of that, we apply high-privacy defaults to everyone: non-essential technologies are off by default, we do not profile users or run targeted advertising or marketing to minors, and we minimise the data we collect. We never use cookies or similar technologies to build advertising profiles of young people. If you are a younger user (or a parent/guardian) and have any questions about how this works, please contact us using the details below.

Changes to this policy, version and contact

Changes. We may update this policy as the product changes — for example, if we add a new tool or activate a feature that uses storage. When we make a material change, we update the version and the "last updated" date, and where the law requires it we will ask for your consent again before any new non-essential technology runs.

Version and last-updated. The version number and last-updated date for this policy are managed centrally (in lib/legal/versions.ts) and rendered onto this page, so they always match the version recorded against your consent. Version: [rendered from versions.ts]. Last updated: [rendered from versions.ts].

How to contact us.

  • General/support: support@luceria.co.uk [PLACEHOLDER — Sully to complete: confirm this inbox is monitored.]
  • Privacy questions: privacy@luceria.app [PLACEHOLDER — Sully to complete: confirm this inbox is monitored.]
  • Controller / postal address: [PLACEHOLDER — Sully to complete: legal entity name, Companies House company number, and registered office address of the controller behind "Luceria".]
  • Data Protection Officer / EU representative (if appointed): [PLACEHOLDER — Sully to complete: name and contact, or state "not appointed / not required".]

You can also find out more about how we handle personal data in our [Privacy Policy](/privacy). If you are in the UK and think we have not handled your data properly, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk — though we'd appreciate the chance to put things right first.